Using NISTNet

The usual way to use NISTNet is to install the software on a Linux-based
router in your test environment. The router would have a number of
network interfaces configured. For example, you might have two Ethernet
interfaces configured, each supporting a different IP network. You'd place
your test hosts on either side of the router, configure NISTNet to exhibit
the characteristics you wish to model, and then run your test.

The primary module is nistnet.o, which is the main body of the
network emulation code that augments the normal IP forwarding routines in the
kernel. The first thing you need to do is to load the module. You can use
either insmod or modprobe to do this:

modprobe nistnet

When the module is loaded you will be able to try out the client. You must have
root permissions to run the client programs. While the text mode interface is
convenient for scripting purposes, I find the X11 client much easier to use.
The X11 client is called xnistnet.

When you first start the xnistnet client you will be presented with
a large display looking something like that of figure 1.

Figure 1. NISTNet GUI client.

Each row of the display represents an emulation rule. In the left-hand panel,
you configure the hosts or services that must match for that rule to apply
when forwarding. You may specify host or network addresses, protocols such
as TCP and UDP, and ports by name or by number. You must supply both a source
and destination pattern, and rules are not bidirectional; that is, you must
configure a rule for each direction. The rules for configuring a pattern are
simple enough, though they may not look it at first.

In the right-hand panel you configure the actual conditions that will be
applied when that rule is matched, and in the right-most fields you are
able to see some running statistics for the connections represented by the
rule.

More comprehensive instructions and explanations of each of the fields are
supplied with the package, so there is little point in reproducing them here.
Instead, let's look at a simple example.

Let's imagine that our lab setup is built of three Linux machines. One, the
NISTNet router, has an Ethernet interface and a PPP interface to another Linux
machine with a null modem link at 33.6 kilobits/second. The third Linux machine
is on the Ethernet network and has the IP address of 192.168.1.1
that we'll use to send test traffic to the PPP-connected Linux machine, which
has the address 192.168.2.1. Our test environment is illustrated in
figure 2.

Figure 2. Example test environment.

We'll illustrate the capability of NISTNet using a simple ping test. In
practice you'd probably be using something much more relevant to your
application. In a stable state, with no rules configured, our ping test looks like:

Let's add a rule that will add a 500 millisecond delay to datagrams in
the forward direction only. To do this we start the xnistnet client
and enter the address of our source machine, 192.168.1.1, into the
source field of a rule, and the destination address, 192.168.2.1, into
the destination field of the same rule. We then enter 500 into the
field labelled "Delay (mS)" in the right-hand panel, and hit the
"Update" button to activate it. When we now look at our ping test we see:
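
The Python model below is an added example, not part of the original article and not NISTNet code. It shows how one-directional rules with host, network and protocol patterns affect a ping round trip between the two lab hosts. The 40 ms baseline RTT, the first-match ordering and the "no protocol means any protocol" behaviour are assumptions made for the model.

```python
# Added illustration: a model of one-directional emulation rules, not NISTNet code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    src: str                      # host or network pattern, e.g. "192.168.1.0/24"
    dst: str
    delay_ms: float
    proto: Optional[str] = None   # None matches any protocol (assumption)

    def matches(self, src: str, dst: str, proto: str) -> bool:
        # One direction only: source pattern is checked against the datagram's
        # source, destination pattern against its destination.
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in (None, proto))

def added_delay(rules, src, dst, proto):
    """Delay for one forwarded datagram; first matching rule wins (assumption)."""
    for rule in rules:
        if rule.matches(src, dst, proto):
            return rule.delay_ms
    return 0.0

def ping_rtt(rules, a, b, base_rtt_ms):
    """Baseline RTT plus delay on the echo request (a->b) and echo reply (b->a)."""
    return (base_rtt_ms
            + added_delay(rules, a, b, "icmp")
            + added_delay(rules, b, a, "icmp"))

A, B = "192.168.1.1", "192.168.2.1"   # hosts from the article's lab
BASE = 40.0                            # constructed baseline RTT in ms, not a measurement

forward_only = [Rule(A, B, 500)]                   # the rule entered in the article
both_ways = [Rule(A, B, 500), Rule(B, A, 500)]     # one rule per direction
tcp_only = [Rule(A, B, 500, proto="tcp")]          # does not match ICMP
net_rule = [Rule("192.168.1.0/24", B, 500)]        # network pattern as source

if __name__ == "__main__":
    for name, rules in [("forward only", forward_only), ("both directions", both_ways),
                        ("tcp only", tcp_only), ("network pattern", net_rule)]:
        print(f"{name:16s} ping RTT = {ping_rtt(rules, A, B, BASE):.0f} ms")
```

In this model a ping started from 192.168.2.1 also shows the extra 500 ms with the forward-only rule, because its echo reply travels in the delayed direction.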